MFA and SSL Certificate Expired

Chris Farmer 36 Reputation points
2020-07-06T14:08:55.34+00:00

I have a Multi-factor Authentication Server and I have recently updated the ADFS server with a new certificate that has adfs.domain.com and mfa.domain.com as additional DNS entries.

I have updated the IIS configuration to bind the new SSL certs and it appears to work fine internally with the correct cert. I have two servers, which show as Connected and Online.

I then have an external load balancer that has two AD FS Proxy Servers that also have traffic for mfa.domain.com.

I can see that the thumbprint for mfa is incorrect (1) and needs to be the same as (2).

11435-mfa-issue1.png

How do I go about doing this?


Accepted answer
  1. Shashi Shailaj 7,621 Reputation points Microsoft Employee
    2020-07-06T20:15:41.797+00:00

    Hello @ChrisFarmer-2025,

    Please use the command below to update the same. Open a command prompt with administrator privileges and then export the output of the netsh http show sslcert command, which you have posted, to a text file. Once you have the output, run the following command.

     netsh http update sslcert hostnameport=mfa.domain.com:443 certhash=117a7c4be9b854ca5cd47d1bd26e842b6bd7e4e7 appid={5d89a20c-beab-4389-9447-324788eb944a} certstorename=MY
    

    Substitute the values correctly as per your environment. I have tried to mention the values as I can see them in the pic, but I would suggest you check them twice. Once done, the certificate should get updated. Should it give any error, please let us know and we will try to help you further. If this helps you and you are able to resolve the issue, please do accept this post as the answer so that it is helpful to other members of the community.

    Thank you.

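One way to check, on each AD FS proxy, which host-name bindings still carry the old certificate before and after the netsh update. This is an added example, not part of the original answer: Get-SniBindingStatus is a hypothetical helper name, the sample netsh output is constructed, and the all-zero hash is a placeholder for the stale certificate.

```powershell
# Added example; hypothetical helper, not a built-in cmdlet. Assumes English netsh field labels.
function Get-SniBindingStatus {
    param(
        [string[]] $NetshOutput,                                  # lines of 'netsh http show sslcert'
        [Parameter(Mandatory)] [string]   $ExpectedThumbprint,
        [Parameter(Mandatory)] [string[]] $HostNames
    )
    $expected = ($ExpectedThumbprint -replace '\s', '').ToLowerInvariant()
    $bindings = @()
    $current  = $null
    foreach ($line in $NetshOutput) {
        # Each record starts at "Hostname:port" (SNI binding) or "IP:port".
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)\s*$') {
            $current = [pscustomobject]@{ Kind = $Matches[1]; Binding = $Matches[2]; Thumbprint = $null; AppId = $null }
            $bindings += $current
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)\s*$') {
            $current.Thumbprint = $Matches[1].ToLowerInvariant()
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})\s*$') {
            $current.AppId = $Matches[1]
        }
    }
    foreach ($name in $HostNames) {
        $found = $bindings | Where-Object { $_.Kind -eq 'Hostname:port' -and $_.Binding -like "${name}:*" }
        if (-not $found) {
            [pscustomobject]@{ HostName = $name; Binding = $null; Status = 'NoSniBinding'; Thumbprint = $null; AppId = $null }
        }
        foreach ($b in $found) {
            $status = if ($b.Thumbprint -eq $expected) { 'OK' } else { 'Mismatch' }
            [pscustomobject]@{ HostName = $name; Binding = $b.Binding; Status = $status; Thumbprint = $b.Thumbprint; AppId = $b.AppId }
        }
    }
}

# Constructed sample output; the all-zero hash is a placeholder for the stale certificate.
$sample = @'
    Hostname:port                : adfs.domain.com:443
    Certificate Hash             : 117a7c4be9b854ca5cd47d1bd26e842b6bd7e4e7
    Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}

    Hostname:port                : mfa.domain.com:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
'@ -split "`r?`n"

$expectedHash = '117a7c4be9b854ca5cd47d1bd26e842b6bd7e4e7'   # certhash value from the answer above
Get-SniBindingStatus -NetshOutput $sample -ExpectedThumbprint $expectedHash -HostNames 'adfs.domain.com', 'mfa.domain.com' |
    Format-Table HostName, Binding, Status, Thumbprint
```

On a live proxy, pass `-NetshOutput (netsh http show sslcert)` from an elevated session instead of the sample. A `Mismatch` row also shows the Application ID to reuse as `appid` in the `netsh http update sslcert` command.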
